Privacy Policy

1. Introduction

Welcome to Crateflow GmbH. We take your privacy seriously and comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR). This Privacy Policy explains how we collect, process, and store your personal data when you use our website or services.

2. Controller and Contact

Crateflow GmbH
C/O Digital Hub Worms e.V., Adenauerring 1
67547 Worms, Germany
Phone: +49 1575 5181708
Email: info@crateflow.ai: hello@crateflow.ai

We are responsible for determining the purposes and means of the processing of personal data on this website. If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address above.

3. Hosting on Microsoft Azure

Our website and related infrastructure are hosted on Microsoft Azure servers. Microsoft Corporation is located at One Microsoft Way, Redmond, WA 98052-6399, USA. Personal data collected through our website may be processed on servers operated by Microsoft. We have a legitimate interest (Art. 6(1)(f) GDPR) in reliable and secure hosting. For more information, please see Microsoft's privacy policy: https://privacy.microsoft.com/ Microsoft Privacy Statement.

4. Data Collection and Processing

We collect personal data in the following ways:

• Data You Provide: When you voluntarily submit information (e.g., via contact forms or email). This may include your name, email address, or other identifiers.
• Automatically Collected Data: Our server (or Azure's server) automatically logs certain technical data such as your IP address, browser type, operating system, referral URLs, and timestamps. This helps us ensure the security and functionality of our website.

The lawful bases for processing your personal data may include consent (Art. 6(1)(a) GDPR), contract (Art. 6(1)(b) GDPR), legal obligations (Art. 6(1)(c) GDPR), or our legitimate interests (Art. 6(1)(f) GDPR), such as improving our services or ensuring security.

5. Cookies and Similar Technologies

We use cookies and similar technologies primarily for essential functionality. Our Cookie Policy provides further details:

Cookie Policy

This Cookie Policy explains how Crateflow GmbH uses cookies and similar technologies when you visit our website at crateflow.ai.

1. What Are Cookies? Cookies are small text files stored on your device to help websites function, improve user experience, and collect usage data.
2. Types of Cookies We Use:
   • Essential Cookies: Necessary for the website to function (e.g., session cookies, Next.js auth cookies). These do not require consent.
   • Third-Party Cookies: Calendly may set its own cookies. Each third party is responsible for its own cookie policies.
3. How Can You Manage Cookies? You can set your browser to reject or delete cookies. However, this may affect certain features of the website.
4. Changes to This Cookie Policy We may update our Cookie Policy to reflect changes in the cookies we use or for legal reasons. Please check back regularly.

If you have any questions about our use of cookies or other technologies, please email us at hello@crateflow.ai.

6. Third-Party Services

We use Calendly (https://calendly.com) for scheduling. Calendly processes your name, email address, and scheduling preferences. The lawful basis is Art. 6(1)(a) GDPR (consent through use). Calendly stores data on servers in the USA. Please review Calendly's Privacy Policy (https://calendly.com/privacy) for further details on how they process your data.

• Calendly: https://calendly.com/privacy

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Specifically: Contact inquiries are retained for 90 days; technical logs are deleted after 30 days. Longer retention periods apply where required by law (e.g., tax obligations of 10 years). Calendly retains booking data according to their privacy policy (https://calendly.com/privacy).

8. Your Rights

Under the GDPR, you have the right to request:

• Access: Information about the personal data we hold about you.
• Rectification: Correction of any inaccurate or incomplete data.
• Erasure: Deletion of your personal data when it is no longer needed or if you withdraw consent (where applicable).
• Restriction: Restriction of processing under certain conditions.
• Data Portability: Transfer of your data to you or a third party in a machine-readable format.
• Objection: To object to processing based on legitimate interests or direct marketing.

To exercise any of these rights, please contact us at info@crateflow.ai. You also have the right to lodge a complaint with a supervisory authority if you believe your rights have been infringed. The responsible authority is the Data Protection Commissioner of Rhineland-Palatinate (Landesbeauftragte für Datenschutz und Informationsfreiheit Rheinland-Pfalz).

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes SSL/TLS encryption for data transmission and secure server environments.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. We encourage you to review this page periodically to stay informed about how we protect your data.

Last updated: December 12, 2025